Explain the concept of Windows System Security



Although the Windows operating system has left us with plenty of unpleasant memories, we have to admit that Windows is still the most widely used operating system in the world. For such a huge and complex operating system, protecting its security is imperative. This article covers some common topics in current Windows security technology and concepts to help users better understand the Windows security mechanisms.

1. Ports

A port is a computer's communication channel with the outside world; like a door, it controls the transmission of data and instructions. Port information is added to each data packet when it is assembled, so that the packet can be identified after it is received and unpacked. Many worms use port information to carry out malicious activity. Therefore, on Windows systems, which are vulnerable to begin with, it is necessary to close or block unused, risky ports to keep information secure.

Likewise, when it comes to network attacks, ports are critical to hackers. Each service has a corresponding port: a website needs the server's WWW service on port 80, SMTP uses port 25, and FTP uses port 21. If an enterprise server only provides file services or only exchanges data within the internal network, closing some of the ports is not a bad idea, because closed ports further protect the system.

Closing a port is simple: it can be configured under "Control Panel" → "Administrative Tools" → "Services".

Port 139 deserves special mention. Port 139 is the NetBIOS Session port, used for file and print sharing. To close it, open the properties of "Internet Protocol (TCP/IP)" under "Local Area Connection", go to "Advanced TCP/IP Settings" → "WINS Settings", and select "Disable NetBIOS over TCP/IP"; port 139 is then closed.

Why close port 139? Because it is involved in port 139 intrusions. If a hacker determines that a host's port 139 is vulnerable, he can scan it with a scanning tool, use the command nbtstat -a IP to obtain user information, and finally gain illegal access.
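The following PowerShell sketch is an added example, not part of the original article. It lists listening TCP ports that fall outside an allowlist and reports the NetBIOS over TCP/IP state of each adapter; the allowlist in $AllowedPorts and the function names are assumptions for illustration.

```powershell
# Added example. $AllowedPorts is an assumed allowlist (the ports the article names
# for a web, mail and FTP server); adjust it to the services the host must offer.
$AllowedPorts = 21, 25, 80

function Get-ListenerReport {
    param([int[]]$Allowed)
    # One row per listening TCP port, with the process that owns the socket.
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port     = $_.LocalPort
                Process  = if ($proc) { $proc.ProcessName } else { 'unknown' }
                Expected = $Allowed -contains $_.LocalPort
            }
        }
}

function Get-NetbiosState {
    # TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
    $names = @{ 0 = 'Default (DHCP decides)'; 1 = 'Enabled'; 2 = 'Disabled' }
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Adapter = $_.Description
                Index   = $_.Index
                NetBIOS = $names[[int]$_.TcpipNetbiosOptions]
            }
        }
}

# Ports that are listening but not on the allowlist, then the per-adapter NetBIOS state.
Get-ListenerReport -Allowed $AllowedPorts | Where-Object { -not $_.Expected } | Format-Table
Get-NetbiosState | Format-Table

# Equivalent of selecting "Disable NetBIOS over TCP/IP" on every IP-enabled adapter.
# Requires an elevated session; uncomment to apply.
# Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
#     Invoke-CimMethod -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
```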

2. Group Policy deployment

Group Policy and the registry are the two important control consoles of a Windows system. For deploying system security, Group Policy is the more intuitive of the two for users. With Group Policy we can prevent third parties from illegally changing addresses, forbid arbitrary modification of firewall configuration parameters, and raise the password strength of shares to keep them from being cracked.

For example, in a particular network environment, if several users share one workstation to access the network, the security risks become apparent. If no secure Internet zone is designated, the workstation's permissions become disordered, leading to systemic risk: at best a system crash, and in severe cases remote intrusion and the loss of valuable information. Therefore, to protect the local network and the local workstation, on a public computer we can use Group Policy to define a secure Internet zone for ordinary users, forcing them to browse the Internet only within the defined secure zone.

Because Group Policy settings have intuitive names and descriptions, applying them is relatively simple and convenient for both administrators and end users. But its functions go well beyond that; we can also use it as a security tracking tool. For example, you can use Group Policy to find traces of access to shared directories.

This kind of monitoring is very important on a LAN. When an illegal user appears within the network, the intrusion mostly goes through sharing and access to shared resources; by looking up the access records for the shared directory, you can trace the origin of the request and find the culprit. Open Group Policy and, in the left pane, go to "Local Computer Policy" → "Computer Configuration" → "Windows Settings" → "Security Settings" → "Local Policies" → "Audit Policy". Under "Audit Policy", find "Audit object access" and select both "Success" and "Failure" in its Properties dialog. If a problem occurs later, you can go to the system's security log and view the events.
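The audit-and-review workflow above can also be scripted. This is an added example, not from the original article; it assumes Windows Vista / Server 2008 or later, where share access is logged as Security event 5140, and it enables only the "File Share" subcategory rather than the whole object access category. The function name Get-ShareAccess is hypothetical.

```powershell
# Added example. Enable auditing for share access (elevated session required).
# "File Share" is the advanced-audit subcategory under Object Access; the article's
# "Audit object access" setting turns on the whole category.
auditpol /set /subcategory:"File Share" /success:enable /failure:enable | Out-Null

function Get-ShareAccess {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    # Event ID 5140: "A network share object was accessed"
    $filter = @{ LogName = 'Security'; Id = 5140; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the named EventData fields from the event XML.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Result = ($_.KeywordsDisplayNames -join ',')   # Audit Success / Audit Failure
                User   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
                Source = $data.IpAddress
                Share  = $data.ShareName
            }
        }
}

# Who touched which share, and from which address, most active first.
Get-ShareAccess |
    Group-Object User, Source, Share |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```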

3. EFS

No discussion of system security is complete without EFS. EFS (Encrypting File System) is a Windows feature that lets users encrypt files and data on NTFS partitions, quickly improving data security.

EFS encryption is based on public-key cryptography. When a file or folder is encrypted with EFS, the system first generates a FEK (file encryption key) made up of pseudo-random numbers, then uses the FEK and the DESX (extended Data Encryption Standard) algorithm to create and store the encrypted file, and deletes the original file.

The system then encrypts the FEK with the public key and stores the encrypted FEK in the same encrypted file. When the encrypted file is accessed, the system first decrypts the FEK with the current user's private key and then decrypts the file with the FEK. Although there are some ways that threaten to break EFS encryption, we still have reason to believe that security built on the system's own technology offers the fastest protection, even if it is only used as emergency protection.
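The key hierarchy described above (a random FEK encrypts the data, the user's public key encrypts the FEK, and both are stored together) can be modelled with .NET classes from PowerShell. This is an added conceptual example, not EFS's own code: AES stands in for DESX, a freshly generated RSA key stands in for the user's EFS certificate, and the function names are hypothetical.

```powershell
# Added example: a model of the EFS key hierarchy, not the EFS implementation.
# AES replaces DESX here, and this sketch adds no integrity protection.
$rsa  = [System.Security.Cryptography.RSACng]::new(2048)   # constructed user key pair
$oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

function Protect-Sample {
    param([byte[]]$Plain, $Key, $Padding)
    $aes = [System.Security.Cryptography.Aes]::Create()    # random FEK and IV
    try {
        [pscustomobject]@{
            # FEK encrypted with the public key, stored alongside the ciphertext
            WrappedFek = $Key.Encrypt($aes.Key, $Padding)
            IV         = $aes.IV
            Cipher     = $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
        }
    } finally { $aes.Dispose() }
}

function Unprotect-Sample {
    param($Blob, $Key, $Padding)
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        # The private key recovers the FEK; the FEK then decrypts the data.
        $aes.Key = $Key.Decrypt($Blob.WrappedFek, $Padding)
        $aes.IV  = $Blob.IV
        $aes.CreateDecryptor().TransformFinalBlock($Blob.Cipher, 0, $Blob.Cipher.Length)
    } finally { $aes.Dispose() }
}

# Constructed sample data: round-trip through wrap and unwrap.
$plain = [Text.Encoding]::UTF8.GetBytes('constructed sample file contents')
$blob  = Protect-Sample -Plain $plain -Key $rsa -Padding $oaep
$back  = [byte[]](Unprotect-Sample -Blob $blob -Key $rsa -Padding $oaep)
[Text.Encoding]::UTF8.GetString($back)
```

Without the private key the wrapped FEK cannot be recovered, which is why backing up the user's EFS certificate and key matters as much as the encryption itself.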

Windows security covers a wide range of concepts, from digital certificates to firewalls and from data encryption to password authentication. On the whole, the system's own security provides fairly comprehensive protection; although omissions do occur, with today's increasingly rich set of security tools there is no need to worry too much. These matters are especially important in protecting enterprise-class workstations.